<?php

namespace brain\utility;

use brain\data\Settings;

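/**
 * Emits CORS response headers when external API access is enabled in settings.
 *
 * All work happens in the constructor, so instantiating the class early in a
 * request is what applies the policy. Nothing is sent when the settings file
 * is missing or when the `global.externalAPI` setting is absent or disabled.
 */
class HandleCors
{
    /**
     * Send CORS headers for the current request and answer preflight requests.
     *
     * For an OPTIONS request the script terminates (exit) once the headers
     * have been queued, so no further application code runs.
     */
    public function __construct()
    {
        // The path is relative to the current working directory. A missing file
        // is treated as the not-yet-configured state and CORS stays off.
        if (!file_exists('../config/settings.json')) {
            return;
        }

        $config   = new Settings();
        $settings = $config->getSettings();

        if (!$this->externalApiEnabled($settings)) {
            return;
        }

        if (isset($_SERVER['HTTP_ORIGIN'])) {
            // NOTE(review): the Origin value is echoed back unchanged and paired
            // with Allow-Credentials: true. That combination lets a page on any
            // site issue credentialed requests to this API and read the
            // responses (subject to the browser's cookie policy). Compare the
            // origin against an explicit allowlist of trusted origins before
            // reflecting it; this class has no such list available yet.
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");

            // Only meaningful next to Access-Control-Allow-Origin, so it is sent
            // only for requests that actually carry an Origin header.
            header('Access-Control-Allow-Credentials: true');

            // The response now depends on the request's Origin; tell caches so a
            // response built for one origin is not served to another. The second
            // argument appends instead of replacing an existing Vary header.
            header('Vary: Origin', false);
        }
        // No Origin header: no Access-Control-Allow-Origin is sent. A wildcard is
        // deliberately not used as a fallback.

        header('Access-Control-Max-Age: 600'); // cache for 10 minutes

        // REQUEST_METHOD is not set outside a web request (e.g. CLI), so guard it.
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
        if ($method !== 'OPTIONS') {
            return;
        }

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
            // Remove any method the API does not need to expose cross-origin.
            header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');
        }

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
            // NOTE(review): the requested header list is reflected as-is, which
            // approves every request header a caller asks for. A fixed list of
            // the headers the API really accepts would be tighter.
            header(
                "Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"
            );
        }

        // Preflight is answered with 200 OK and the headers above; stop here.
        exit(0);
    }

    /**
     * Tell whether the settings enable external API access.
     *
     * A missing `global` section or `externalAPI` key counts as disabled and
     * no longer raises an undefined-index warning. Both boolean true and the
     * string 'true' count as enabled, matching the previous loose comparison.
     *
     * @param mixed $settings Value returned by Settings::getSettings().
     *
     * @return bool
     */
    private function externalApiEnabled($settings)
    {
        if (!isset($settings['global']['externalAPI'])) {
            return false;
        }

        $flag = $settings['global']['externalAPI'];

        return $flag === true || $flag === 'true';
    }
}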